16:20:26,857 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:366)
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:563)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:497)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:76)
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:301)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:238)
at org.jboss.ejb.plugins.SSLSessionInterceptor.invokeHome(SSLSessionInterceptor.java:53)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:640)
at org.jboss.ejb.Container.invoke(Container.java:1031)
at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
at org.jboss.invocation.pooled.server.PooledInvoker$MBeanServerAction.invoke(PooledInvoker.java:896)
at org.jboss.invocation.pooled.server.PooledInvoker.invoke(PooledInvoker.java:383)
at org.jboss.invocation.pooled.server.ServerThread.processInvocation(ServerThread.java:233)
at org.jboss.invocation.pooled.server.ServerThread.dorun(ServerThread.java:275)
at org.jboss.invocation.pooled.server.ServerThread.run(ServerThread.java:156)

This is because it has been configured to use the ssl-pooled domain which is hot deployed with the ejbs, but it is actually using the "other" domain.

I'd guess this is because org.jboss.ejb.plugins.SecurityInterceptor is not respecting the jmx dependency rules. i.e. it is trying to retrieve the SecurityDomain in setContainer() instead of start() setContainer() is invoked from EJB.create()

public void setContainer(Container container)
{
...
// HERE This is invoked from EJB.create() which is too early since
the SecurityDomain is not deployed until start()
if(securityManager != null)
{
appSecurityDomain = securityManager.getSecurityDomain();
appSecurityDomain = SecurityUtil.unprefixSecurityDomain(appSecurityDomain);
}
}
}

Overall, we have between 7-10% of security test failures in the AS test suite in the last few months. A few of the tests are some legacy stuff (hard core SecurityAssociation stuff) that I have not yet decided whether we will support going forward.

In the last 3-4 days, I may have increased that failure rate a bit. Hopefully once I resolve the ejb3 refactoring (they want me to do) and make them happy, I can look at increasing the passing rate.

"anil.saldhana@jboss.com" wrote:Overall, we have between 7-10% of security test failures in the AS test suite in the last few months. A few of the tests are some legacy stuff (hard core SecurityAssociation stuff) that I have not yet decided whether we will support going forward.

Adrian, regarding the pooled tests, I updated the META-INF/jboss.xml to include the PreSecurityInterceptor before the SecurityInterceptor in the container configuration. The PreSI is needed to correctly establish the security context for the container on the thread.

With this change, I do not see the errors indicating lack of properties files (users/roles.properties). But the tests now fail mainly with the following messages: